Showing posts with label Group Policy. Show all posts

Friday 17 April 2015

Adding AD User Groups Into Computer Local Groups (Microsoft Server 2003)

Description :
There are multiple ways to add AD user groups into computer local groups: manually, or using a GPO. To me, it is always the GPO way. It is easier (sort of), as the configuration will be persistent across all servers the GPO is applied to.



How To Do :

  1.  Right-click your GPO and choose Edit...

  2.  Expand to Computer Configuration > Windows Settings > Security Settings > Restricted Groups. Right click at it, and choose Add Group...

  3.  Click at Browse... as we want to choose the AD user Group.

  4.  Type your AD User Group

  5.   Click at Check Names to ensure the group is correct. Once it is confirmed, click at OK.

  6. The user group will be listed here. You can choose as many user groups as you want; they will all be listed here. Press OK again.

  7.  In here, click at the Add button under This group is a member of: option.

  8.  Click at Browse to choose the local group to be assigned to.

  9.  Type your desired local group name. In this example, I chose Remote Desktop User. As always, press Check Names, and OK once confirmed.

  10.  Press OK.

  11.  So the local group will be listed here. Press Apply and OK.

  12.  You can see a new entry listed in Restricted Groups option.

  13.  To ensure the policy is applied to the servers, RDP to each server and run the GPUPDATE /FORCE command.

  14. You can see the AD user group listed in the local group.
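
As an added example (not from the original post, and going beyond its steps): Restricted Groups stores its settings in the `[Group Membership]` section of the GPO's GptTmpl.inf, where `__Memberof` entries (what "This group is a member of" in step 7 produces) only add the group to the listed local groups, while `__Members` entries replace a group's membership on every policy refresh. The script parses a constructed sample and reports which kind each entry is; the domain SID and the helper name `Get-RestrictedGroupEntry` are made up for illustration.

```powershell
# Constructed sample of the [Group Membership] section that a Restricted Groups
# policy writes to GptTmpl.inf. The domain SID (1111111111-...) is made up.
$sample = @'
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-21-1111111111-2222222222-3333333333-1105__Memberof = *S-1-5-32-555
*S-1-5-21-1111111111-2222222222-3333333333-1105__Members =
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-512,Administrator
[Version]
signature="$CHICAGO$"
Revision=1
'@

# Hypothetical helper: returns one object per configured Restricted Groups entry.
function Get-RestrictedGroupEntry {
    param([string[]]$Lines)
    $inSection = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Track whether we are inside [Group Membership]
            $inSection = ($Matches[1] -eq 'Group Membership')
            continue
        }
        if (-not $inSection) { continue }
        if ($line -notmatch '^(.+?)__(Memberof|Members)\s*=\s*(.*)$') { continue }
        $group  = $Matches[1]
        $kind   = $Matches[2]
        $values = @($Matches[3] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        if ($values.Count -eq 0) { continue }   # empty side of the pair: not configured
        $effect = if ($kind -eq 'Members') {
            'authoritative: members not listed are removed at refresh'
        } else {
            'additive: group is added to the listed local groups'
        }
        New-Object PSObject -Property @{
            Group = $group; Setting = $kind; Values = ($values -join ', '); Effect = $effect
        } | Select-Object Group, Setting, Effect, Values
    }
}

# S-1-5-32-555 is BUILTIN\Remote Desktop Users; S-1-5-32-544 is BUILTIN\Administrators.
Get-RestrictedGroupEntry -Lines ($sample -split '\r?\n') | Format-Table -AutoSize -Wrap
```

To audit a real GPO, pass the lines of its `Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf` file under the domain's SYSVOL `Policies\{<GPO GUID>}` folder instead of the sample.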

Friday 27 February 2015

How To Totally Remove GPO

Assume you mistakenly created a GPO and want to delete it before your boss starts hammering your head (huh?).. Okay, too much drama, so let's change it. You want to housekeep your GPOs (again?), and some GPOs need to be deleted. You right-click one, press Delete, and this message box appears:

Do you want to delete this link? 
This will not delete the GPO itself.


So, are you doing it right? The answer is no. Deleting it from the OU structure will not totally remove the GPO; it only unlinks the GPO from the OU. The GPO itself remains under the Group Policy Objects node.



Description :
Completely delete a GPO, rather than only removing its link from an OU.



How To Do :
  1.  Within Group Policy Management Console, go to the Group Policy Objects node. Right-click the target GPO, and choose Delete.




Wednesday 25 February 2015

How To Enable / Disable Time Zone Redirection

There will be situations where the Business wants users' Citrix sessions to reflect the server time zone, especially when the datacenter and the users are in different time zones. These steps also apply when you want to provide the local time zone to Citrix / TS users.

Description :
To provide server / local time zone to users' Citrix sessions.


How To Do :



  1.  Launch Citrix AppCenter, and go to Policies node.


  2. From there, click at Users tab.


  3.  Depending on whether you want to create a new policy or edit the current one, choose the option accordingly. In this case, we create a new one.


  4.  Configure policy name


  5.  Browse to All Settings > ICA > Time Zone Control


  6.   Add Use local time of client policy


  7.  Choose desired option, whether to use server time or local time, then press OK


  8.  Press Next to proceed


  9.  Configure filtering accordingly.


  10.  Enable and create the Citrix policy.


  11. Go to Group Policy Management Console, and create a new policy or edit current policy. In this case, we edit current policy.


  12.  Browse to User Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection


  13.  Right click at Allow time zone redirection, and press Edit


  14.  Choose to enable or disable time zone redirection accordingly. Press Apply and OK.


  15.  This is the outcome.



Friday 9 January 2015

How To Hide Windows Local Disk Drives From Users

In some organizations, Management may want to hide certain server local drives from being accessed by Citrix users. There are a few methods to do so, but in this post, we will be using GPP. 

Note that this step will only HIDE the drive; it does not prevent users from accessing it. The configured drive is hidden only from Windows Explorer, so users can still reach it via Command Prompt, the Run command, etc.

Description :
Hide certain drives from being accessed by users.



How To Do :





  1.  Launch Group Policy Management Console. Depending on how your AD is structured, right click at the OU, and choose " Create a GPO in this domain, and Link it here... "

  2.  Give it a name, and press OK.

  3.  Then you can see the GPO created.

  4.  Right click at the GPO, and choose Edit.

  5.   Expand to User Configuration > Preferences > Windows Settings, click at Drive Maps

  6.  Right click at Drive Maps, hover to New and click at Mapped Drive

  7.  In here, follow below instructions:
    Action : Update
    Drive Letter : Existing, and choose desired drive (in this example, it is D: drive)

    Press Apply and OK.




Thursday 10 July 2014

Task Scheduler Error - An Error has occurred for task <Task Name>. The following error was reported: A specific logon session does not exist. It may already have been terminated.

A few days ago I created a script to do some little, tiny checking on my servers. My plan was to create a Task Scheduler task so that the script can be executed periodically. But (yeah, there is always a but), I encountered an error. If we look carefully at the error, it did not mention anything about Security or policy settings, but I know it must be related to UAC.



Issues :

Receive error when configuring Task Scheduler :


An Error has occurred for task <Task Name>. The following error was reported: A specific logon session does not exist. It may already have been terminated.





Troubleshooting 
  1.  Go to Start > Administrative Tools > Click at Task Scheduler

  2.  Browse to Task Scheduler (local) > Task Scheduler Library

  3.  Right click at the specific Task Scheduler > choose Properties

  4.  At General tab, the radio box " Run whether user is logged on or not " is enabled. Which means, the setting is okay.

  5.  Further checking, go to Start > Run, type secpol.msc and press Enter.

  6.  Browse to Security Settings > Local Policies > Security Options

  7.  Check on this setting, it is Enabled.




Resolution :
  1.  Right click at the above mentioned setting, and choose Properties

  2.  Click at Disabled, press Apply and OK.


  3.  Perform gpupdate /force to refresh policy update.

Friday 21 February 2014

How To Configure Pass-Through on Citrix Web Interface

I received a request from my clients to enable pass-through on their Citrix Web Interface site. Not more than a few minutes after completion, they made a few complaints, saying that they needed to supply their credentials every time they launched published applications, which defeats the purpose of Single Sign-On (SSO). After a few minutes of troubleshooting, I realized that, in order to enable pass-through, more steps need to be taken than simply enabling the feature.


Description :


Properly enabling Pass-Through, so users won't have to supply credentials every time they launch Citrix published applications, as below :






How To Do :





  1.  Uninstall current installed Citrix Receiver





  2. Once un-installation completed, open command prompt, and type CMD


  3.  Browse to the installer location, and run the command ( CitrixReceiver.exe /includeSSON ) to install Receiver with SSON enabled

  4. Proceed with installation


  5. When you can see this in Programs and Features, it means the installation is already completed.


     
  6. Go to start > run and type GPEDIT.MSC


  7.  Add new ADM template for this purpose, by choosing Add/Remove Templates...



  8. Press Add.


     
  9. Add the template which can be located at this path ( %SystemDrive%\Program Files (x86)\ICA Client\Configuration ). The file name is icaclient.adm



  10.  Template added. Press Close
  11.  Browse to this path ( Local Computer Policy > Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver > User authentication ) 


  12. Right click at setting ( Local user and password ), and choose Edit


  13. Enable the setting




  14. Enable the first 2 options ( Enable pass-through authentication & Allow pass-through authentication for all ICA connection)


  15.  This is the outcome, press Apply and OK



  16.  Reboot the machine (or use GPUPDATE /FORCE). Once it is up, access your CWI.





p/s : if users are still unable to use SSO, please refer to here in order to use Citrix Receiver Clean Up Utility.
